Salaries for most information security professionals are continuing to trend upward as demand increases, particularly for technical skills.
According to the latest figures from recruitment specialist Acumin, the skills most in demand are in application security and security architecture.
“These types of skills are in huge demand. They are also the hardest to find, and have consequently seen the greatest increases in remuneration,” said Chris Batten, joint managing director of Acumin.
The highest demand is for skills in application security and security architecture
“Anything relating to incident management: reverse engineering of malware, the response to incidents, the forensic analysis of the network and post-incident analysis. We are finding that organisations are really gearing up, including consultancies,” he said.
Perhaps the only exceptions to the upward salary trend, he said, have been at the senior end, where there are more candidates on the market, but the drop-off has been has been fairly slight.
The rise and fall of IT security salaries
Demand is highest for middle-range candidates, where salaries have been driven by a lack of supply, which Batten ascribes in part to the decline in the number of UK engineering graduates in the past three to four years.
Download the full results
Not only is demand for information security increasing as it becomes more embedded within organisations’ architectures and projects, he said, but at the same time the decline in the number of engineering graduates has meant fewer are feeding into information security.
Another exacerbating factor is that in recent years information security has been failing to bring in people at the apprenticeship level, making it difficult to meet market demand for professionals with two to three years’ experience.
Information security breaches survey 2012
“There was not enough investment in the past two to three years in developing middle-range candidates. Therefore they are very scarce,” said Batten.
In terms of skills demand, the only areas of tail-off in the past year have been in the public sector, as a result of general cuts in spending, and in the less technical aspects of information security.
“Although we expect things to change towards the end of the year, for the past year public sector spending has been flat at best, particularly for consultants,” said Batten.
Security service providers and suppliers
The biggest salary increases paid by security service providers and suppliers is for sales staff. “We have seen continued increase in the demand for good enterprise sales people, both direct and in the channel,” said Chris Batten, joint managing director of Acumin.
There has been a real shift in the more traditional routes to market for suppliers from value added resellers into cloud service providers and datacentre providers, he said. “Consequently, we have seen an increase in the demand for good channel people who understand the value of things like cloud computer and virtualisation.”
This trend has been accelerated in the past year as security suppliers have started talking about the value of embedding security products in cloud services and e-commerce platforms, said Batten. “Channel focus has to change as they are now selling to companies that provide those services,” he said.
Information security spending in recent months has also tended to be more in terms of plugging holes, he said, rather than long-term strategy.
Consequently, there has been a decline in demand for skills in information security management, policy and standards. Also information risk, security management and compliance. “We are seeing a fall in both permanent salaries and contract rates on offer in these areas, particularly for contract work,” said Batten.
Despite this trend, PCI-DSS skills seem to have increased in demand after being in the doldrums for the past year.
Although contract rates have been down across the board, because contract work is usually associated with project work and most projects are still on hold, Batten said Acumin expects to see some improvement towards the end of the year.
The recruitment firm expects the trend towards technical skills to continue, but several other specific areas such as e-discovery, for example, are likely to also emerge.
Acumin also expects the general demand for information security professionals to continue, if not increase, towards the end of the year.
Despite the recession, we are registering more jobs as security becomes increasingly important
Chris Batten, joint managing director, Acumin
“Despite the recession, we are registering more jobs as security becomes increasingly important,” said Batten.
“However, employers are getting very picky about it. They want someone they can get the most out of without paying top rates,” he said.
This is one of the biggest drivers of the demand for people with mid-range skills and experience. But, according to Batten, there are just not enough people to meet that demand.